Abstract: Systems and methods for end to end encryption are provided. In example embodiments, a computer accesses an image including a geometric shape. The computer determines that the accessed image includes a candidate shape inside the geometric shape. The computer determines, using the candidate shape, an orientation of the geometric shape. The computer determines a public key of a communication partner device by decoding, based on the determined orientation, data encoded within the geometric shape. The computer receives a message. The computer verifies, based on the public key of the communication partner device, whether the message is from the communication partner device. The computer provides an output including the message and an indication of the communication partner device if the message is verified to be from the communication partner device. The computer provides an output indicating an error if the message is not verified to be from the communication partner device.
Abstract: One embodiment provides a system for noise addition to enforce data privacy protection in a star network. In operation, participants may add a noise component to a dataset. An aggregator may receive the noise components from the plurality of participants, compute an overall noise term based on the received noise components, and aggregate values using the noise components and overall noise term.
Type: Grant
Filed: October 11, 2016
Date of Patent: March 5, 2019
Assignee: PALO ALTO RESEARCH CENTER INCORPORATED
Inventors: Shantanu Rane, Vincent Bindschaedler, Alejandro E. Brito, Ersin Uzun, Vanishree Rao
Abstract: A system that includes a vault management console configured to determine a measurement request for virtual machine operating characteristics metadata. The system further includes a guest virtual machine that includes virtual machine measurement points and a hypervisor control point. The system further includes a hypervisor associated with the guest virtual machine that is configured to communicate the measurement request to the hypervisor control point. The hypervisor is further configured to receive a packet with the virtual machine operating characteristics metadata and to communicate the packet to the virtual vault machine. The hypervisor device driver is configured to receive the packet from the hypervisor and to communicate the virtual machine operating characteristics to an analysis tool.
Type: Grant
Filed: May 31, 2016
Date of Patent: February 19, 2019
Assignee: Armor Defense Inc.
Inventors: Jeffery Ray Schilling, Chase Cooper Cunningham, Tawfiq Mohan Shah, Srujan Das Kotikela
Abstract: The present disclosure relates to a system and method for providing a secure context exchange cloud service which enables context information to be shared among devices, and providing a safety application which utilizes the context information being shared. In one example, the context exchange cloud service provides secure exchange of the context information, which in turn enables a safety application to enhance personal safety.
Abstract: Provided is a personal content providing system for providing customized content according to a personalization context. The personal content providing system includes a context reader configured to receive a context beacon including the personalization context from one or more of a context terminal and a context tag, a content generation device configured to generate personal content, based on the personalization context, a content service device including a content output device that outputs the generated personal content, a local space switch configured to connect the context terminal, the context tag, the context reader, and the content service device which are disposed in a predetermined local space, and an infrastructure management device configured to manage the context terminal, the context tag, the context reader, and the content service device which are disposed in the predetermined local space.
Type: Grant
Filed: May 6, 2016
Date of Patent: February 12, 2019
Assignee: ELECTRONICS AND TELECOMMUNICATIONS RESEARCH INSTITUTE
Abstract: According to one aspect of the disclosure, there is provided a storage device that includes: a storage medium; and circuitry that reads identification information stored on an integrated circuit card (IC card), and performs authentication using the identification information read by the circuitry and basic identification information stored in a specific area of the storage medium.
Abstract: A method and an apparatus enabling browsers to perform security scan of devices is described. The method includes receiving a device scan request triggered when a device scan function in a browser is selected by a user. The method further includes injecting a pre-defined device scan program into an engine of the browser according to the received device scan request, running the device scan program, and displaying a scan result on a scan result displaying interface of the browser. A security scan in the prevalent browser application adds different functions to the browser and exempts users from downloading dedicated device checking and management software.
Type: Grant
Filed: June 4, 2015
Date of Patent: February 12, 2019
Assignee: Tencent Technology (Shenzhen) Company Limited
Abstract: An e-mail server decrypts attachments of an e-mail message with a key associated with a sending device such that failure of the decryption indicates the e-mail message can be harmful. The sending device inserts its device identifier into the e-mail message as a header and uses an encryption key associated with the device identifier and a digital fingerprint of the sending device to encrypt all attachments of the e-mail message. The delivering e-mail server processes the e-mail message. If the e-mail message contains no identifier, if no key is associated with the parsed identifier, or if attempted encryption fails, the e-mail server determines that the e-mail message is potentially harmful and disarms the e-mail message.
Abstract: Systems and methods may provide for receiving an authentication input and determining an authentication orientation of a mobile platform during entry of the authentication input. In addition, a determination may be made as to whether to validate a user based on the authentication input and the authentication orientation of the mobile platform. Platform orientation may also be used to detect malware.
Abstract: A web application receives a request for a web site's login page. The web application sends, via a domain name, a response including the login page, a first token in a first field in the login page's header, and a second token in a second field in the login page's header, wherein the first field is modifiable only via a related domain name which is related to the domain name, and wherein the first token is a function of the second token. The web application receives a request to login to the site from a client, wherein the request to login includes a header that includes the first field and the second field. The web application establishes a session with the client if the first field in the header includes a token which is the function of a token in the second field in the header.
Abstract: Methods and systems for assigning security settings to one or more nodes within an enterprise network are disclosed. One method includes receiving network concordance data at an enterprise security management configuration tool from a plurality of nodes within an enterprise network, and receiving, in a configuration user interface, a selection of an affinitization level selected from a plurality of discrete affinitization levels, each of the discrete affinitization levels corresponding to a different extent to which nodes within an enterprise are grouped into profiles. The method also includes automatically grouping each of the plurality of nodes identified in the network concordance data into a plurality of profiles based on the selected affinitization level, and applying a common security policy to each of the nodes included in one of the plurality of profiles.
Type: Grant
Filed: April 24, 2017
Date of Patent: December 18, 2018
Assignee: UNISYS CORPORATION
Inventors: Robert A Johnson, Michael J DiDomenico, Philippe Jolly, Michael C Leap, Richard W Phelps
Abstract: Systems, apparatus, and methods using an integrated photonic chip capable of operating at rates higher than a Gigahertz for quantum key distribution are disclosed. The system includes two identical transmitter chips and one receiver chip. The transmitter chips encode photonic qubits by modulating phase-randomized attenuated laser light within two early or late time-bins. Each transmitter chip can produce a single-photon pulse either in one of the two time-bins or as a superposition of the two time-bins with or without any phase difference. The pulse modulation is achieved using ring resonators, and the phase difference between the two time-bins is obtained using thermo-optic phase shifters and/or time delay elements. The receiver chip employs either homodyne detection or heterodyne detection to perform Bell measurements.
Type: Grant
Filed: June 10, 2016
Date of Patent: December 18, 2018
Assignee: Massachusetts Institute of Technology
Inventors: Darius Bunandar, Nicholas C. Harris, Dirk Robert Englund
Abstract: An information processing apparatus for encrypting or decrypting data by AES scheme, includes a processor; and a memory storing a first table including mixed components based on exclusive OR of first random components and key data, a second table, and a third table. The processor executes selecting four bytes of sub-round data from the data; a first transformation based on the first table, for each of one-byte data items of the sub-round data, to generate first data by taking exclusive OR of the one-byte data items and the mixed components; a second transformation based on the second table to transform the first data into second data; a third transformation based on the third table to transform the second data into multiple items of third data; calculating exclusive OR of the third data.
Abstract: Methods and apparatus are disclosed for facilitating online storage of files (e.g., audio tracks, video, etc.) for playback/access or sale/exchange by the owners of the files without violating copyrights that copyright holders have in the files. For example, by providing a playback service that does not store additional versions of an audio file when the file is transmitted to, and immediately played on, a user device without buffering, the present invention avoids violating copyright laws by not making copies of the file. Numerous other aspects are disclosed.
Abstract: Aspects of the present disclosure generally relate to one or more systems, methods, and/or devices for secure communication between devices, such as devices within a vehicle. For example, some vehicles have integrated mobile computing platforms that enable communication with an extended productivity device. However, communication between the mobile computing platform and the extended productivity device may lack sufficient security. As such, the present disclosure provides for secure communication between the mobile computing platform and the extended productivity device by verifying, for example, an identity of the extended productivity device.
Abstract: Methods and systems for content filtering of remote file-system access protocols are provided. According to one embodiment, a proxy, implemented within a network gateway device of a private network, monitors remote file-system access protocol sessions involving client computer systems and a server computer system associated with the private network. For each file on a share of the server computer system being accessed by one or more of the client computer systems: (i) a shared holding buffer corresponding to the file is created within a shared memory of the network gateway device; (ii) data being read from or written to the file by the monitored remote file-system access protocol sessions is buffered into the shared holding buffer; and (iii) responsive to a predetermined event, content filtering is performed on the shared holding buffer to determine whether malicious, dangerous or unauthorized content is contained within the shared holding buffer.
Abstract: In computer-based user authentication, a user may establish or enhance security for a component of a multi-component password by performing a security operation on a selected component of the password. The security operation may comprise encrypting the selected component. The password may be an image-based password and the security operation may be encrypting information related to positions of at least one target location on a verification image.
Abstract: A data storage system (1) uses an encryption scheme in which an encrypted file can be decrypted using a decryption key when a decryption condition set in the encrypted file is satisfied by a user attribute set in the decryption key. The data storage system (1) stores encrypted files encrypted by the encryption scheme in a file storage apparatus (20). When a user attribute is specified from a user terminal (10), the data storage system (1) extracts the encrypted files of which the decryption condition is satisfied by the specified user attribute from among the encrypted files stored in the file storage apparatus (20), and displays the extracted encrypted files classified by decryption condition.
Abstract: A secure and fault-tolerant, or variation-tolerant, method and system to turn a set of N shares into an identifier even when only M shares from this set have a correct value. A secret sharing algorithm is used to generate a number of candidate identifiers from subsets of shares associated with asset parameters of a collection of assets. The most frequently occurring candidate identifier is then determined to be the final identifier. The method has particular applicability in the fields of node locking and fingerprinting.
Type: Grant
Filed: March 15, 2011
Date of Patent: November 13, 2018
Assignee: IRDETO B.V.
Inventors: Philip Alan Eisen, Michael James Wiener, Grant Stewart Goodes, James Muir
Abstract: Secure communications methods for use with entrepreneurial prediction systems and methods are provided herein. An example method can include a two factor authentication of both a communications channel used by the entrepreneur (either by device or message attributes) and an identification of an identity of the entrepreneur from biometric parameters. This allows for secure communication with an entrepreneur when the entrepreneur is communicating from a geographical location of low trust, such as where device or identity theft is common.
Type: Grant
Filed: August 25, 2015
Date of Patent: November 6, 2018
Assignee: Kountable, Inc.
Inventors: Christopher Hale, Craig M. Allen, Catherine Nomura